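/// <summary>
/// WCF authorization-policy hook. Takes the already-authenticated client identity, splits its
/// name into tenant and user ("tenant\user"), pulls the user's claims from the claims Web API
/// using the cached bearer token, attaches them to the identity and publishes a principal on
/// the evaluation context.
/// </summary>
/// <param name="evaluationContext">The WCF evaluation context whose "Principal" property is set.</param>
/// <param name="state">Per-evaluation state slot; not used by this policy.</param>
/// <returns>Always <c>true</c> once the principal has been set; failures surface as exceptions.</returns>
/// <exception cref="InvalidOperationException">
/// The identity is not a <see cref="System.Security.Claims.ClaimsIdentity"/>, or its name is not
/// exactly "tenant\user" with both parts non-empty.
/// </exception>
public bool Evaluate(EvaluationContext evaluationContext, ref object state)
{
    // get the authenticated client identity
    var client = GetClientIdentity(evaluationContext);

    // Fail fast if the identity cannot carry claims, before any remote call is made.
    var claimsIdentity = client as System.Security.Claims.ClaimsIdentity;
    if (claimsIdentity == null)
    {
        throw new InvalidOperationException("Client identity is not a ClaimsIdentity.");
    }

    // Only "tenant\user" is accepted. Split(...)[1] on "a\b\c" would silently select "b" and
    // drop "c", so anything other than exactly two non-empty parts is rejected outright.
    var parts = (client.Name ?? string.Empty).Split('\\');
    if (parts.Length != 2 || string.IsNullOrWhiteSpace(parts[0]) || string.IsNullOrWhiteSpace(parts[1]))
    {
        throw new InvalidOperationException("Cannot determine tenant and username.");
    }
    string tenantName = parts[0];
    string userName = parts[1];

    // NOTE(review): _oauth2AuthenticationSettings is a shared field that is mutated on every
    // evaluation. If this policy instance serves concurrent requests, two callers can
    // interleave these writes with the token/claims lookups below and end up with each
    // other's tenant or user — confirm the instance is per-request, or clone the settings here.
    _oauth2AuthenticationSettings.Username = userName;
    _oauth2AuthenticationSettings.TenantName = tenantName;

    var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCache(_oauth2AuthenticationSettings);
    var claims = ClaimsWebApiHelper.GetClaims(_oauth2AuthenticationSettings, accessTokenResponse.AccessToken);
    claimsIdentity.AddClaims(claims);

    // set the custom principal
    evaluationContext.Properties["Principal"] = new GenericPrincipal(client, null);
    return true;
}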
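/// <summary>
/// WCF user-name/password validator. Accepts credentials of the form "tenant\user" + password,
/// obtains a bearer token with them from the OAuth2 endpoint and then checks that token against
/// the claims Web API. Any failure surfaces as an exception, which WCF turns into an
/// authentication fault for the caller.
/// </summary>
/// <param name="userName">"tenant\user"; the tenant prefix is mandatory.</param>
/// <param name="password">The clear-text password presented by the caller.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="ArgumentException">The user name is not exactly "tenant\user" with both parts non-empty.</exception>
/// <exception cref="InvalidOperationException">No access token came back for the credentials.</exception>
public override void Validate(string userName, string password)
{
    if (null == userName || null == password)
    {
        throw new ArgumentNullException();
    }

    // Only "tenant\user" is accepted. Split(...)[1] on "a\b\c" would silently select "b" and
    // drop "c", so anything other than exactly two non-empty parts is rejected outright.
    var parts = userName.Split('\\');
    if (parts.Length != 2 || string.IsNullOrWhiteSpace(parts[0]) || string.IsNullOrWhiteSpace(parts[1]))
    {
        throw new ArgumentException("Cannot determine tenant and username.");
    }
    string tenantName = parts[0];
    userName = parts[1];

    // NOTE(review): _oauth2AuthenticationSettings is a shared field mutated on every call,
    // including the password. Concurrent validations can interleave these writes with the
    // token request below and mix one caller's credentials with another's — confirm the
    // validator is not shared across requests, or clone the settings per call.
    _oauth2AuthenticationSettings.Username = userName;
    _oauth2AuthenticationSettings.TenantName = tenantName;
    _oauth2AuthenticationSettings.Password = password;

    // Always request a fresh token here instead of RetrieveBearTokenFromCacheOrNew. A cached
    // hit is matched on tenant and user name only and does not re-check the password (the
    // sibling AuthenticateUser says so in its own comment), so with the cache in the path a
    // wrong password would be accepted for as long as a token for that user is cached.
    var accessTokenResponse = BearerTokenHelper.RetrieveNewBearToken(_oauth2AuthenticationSettings);
    if (accessTokenResponse == null || string.IsNullOrEmpty(accessTokenResponse.AccessToken))
    {
        throw new InvalidOperationException("Unable to retrieve token.");
    }

    // Confirms the issued token is accepted by the claims API before the caller is let in.
    ClaimsWebApiHelper.Authenticate(_oauth2AuthenticationSettings.Url, accessTokenResponse.AccessToken);
}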
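/// <summary>
/// Requests a fresh bearer token for the given settings and hands it to the browser in the
/// <see cref="AuthenticationConstants.AngularAuthToken"/> cookie, which expires together with
/// the token.
/// </summary>
/// <param name="oauth2AuthenticationSettings">Credentials and endpoint used to obtain the token; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="oauth2AuthenticationSettings"/> is null.</exception>
/// <exception cref="InvalidOperationException">The token endpoint returned no access token.</exception>
private void RetrieveWebApiTokenAndCreateCookie(Oauth2AuthenticationSettings oauth2AuthenticationSettings)
{
    if (oauth2AuthenticationSettings == null)
    {
        throw new ArgumentNullException("oauth2AuthenticationSettings");
    }

    var accessTokenResponse = BearerTokenHelper.RetrieveNewBearToken(oauth2AuthenticationSettings);
    if (accessTokenResponse == null || string.IsNullOrEmpty(accessTokenResponse.AccessToken))
    {
        // Never emit an empty auth cookie: it would look like a session to the client.
        throw new InvalidOperationException("Unable to retrieve token.");
    }

    var cookie = new HttpCookie(AuthenticationConstants.AngularAuthToken)
    {
        Value = accessTokenResponse.AccessToken,
        Expires = accessTokenResponse.ExpiresOn,
        // The cookie carries a bearer token. Once the site is served over HTTPS the browser
        // must not replay it over plain HTTP, where it could be read on the wire.
        Secure = Request.IsSecureConnection
        // NOTE(review): HttpOnly is left unset because the cookie name suggests the Angular
        // client reads the token from script. If the client can instead take the token from
        // the response body, set HttpOnly = true so an XSS cannot exfiltrate it.
    };
    Response.Cookies.Add(cookie);
}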
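/// <summary>
/// Fetches the claims of a user from the claims Web API using the bearer token cached for
/// that tenant/user. No credentials are sent here; the token must already be cached.
/// </summary>
/// <param name="userName">The user name without the tenant prefix.</param>
/// <param name="tenantName">The tenant the user belongs to.</param>
/// <returns>The claims returned by <see cref="ClaimsWebApiHelper.GetClaims"/>.</returns>
/// <exception cref="ArgumentException">Either name is null or blank.</exception>
/// <exception cref="InvalidOperationException">No cached access token is available for the user.</exception>
private static IEnumerable<Claim> GetClaimsForUser(string userName, string tenantName)
{
    try
    {
        // Guard before touching shared state, so a bad call does not leave half-written settings.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(tenantName))
        {
            throw new ArgumentException("Tenant name and user name are required.");
        }

        // NOTE(review): _oauth2AuthenticationSettings is a shared static field mutated on
        // every call; concurrent callers for different users can interleave these writes with
        // the lookups below and receive each other's claims — confirm call sites are
        // serialized, or clone the settings per call.
        _oauth2AuthenticationSettings.Username = userName;
        _oauth2AuthenticationSettings.TenantName = tenantName;

        var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCache(_oauth2AuthenticationSettings);
        if (accessTokenResponse == null || string.IsNullOrEmpty(accessTokenResponse.AccessToken))
        {
            throw new InvalidOperationException("Unable to retrieve token.");
        }

        return ClaimsWebApiHelper.GetClaims(_oauth2AuthenticationSettings, accessTokenResponse.AccessToken);
    }
    catch (Exception ex)
    {
        // ex.ToString() already embeds ex.Message, so the message is not appended a second time.
        _logger.WriteLogEntry(tenantName, null, MethodBase.GetCurrentMethod().Name + " " + ex.ToString(), LogLevelType.Error, ex);
        throw;
    }
}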
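/// <summary>
/// Authenticates a "tenant\user" + password pair. Obtains a bearer token for the user
/// (possibly from the cache), guards the cache with a per-token password verifier — a cached
/// token alone only proves tenant and user name matched, not the password — and finally checks
/// the token against the claims Web API.
/// </summary>
/// <param name="userName">"tenant\user"; the tenant prefix is mandatory.</param>
/// <param name="password">The clear-text password presented by the caller.</param>
/// <returns><c>true</c> when every step succeeds; failures surface as exceptions.</returns>
/// <exception cref="AuthenticationException">
/// Malformed user name, missing password, no token returned, or password mismatch against the
/// cached verifier — all reported as <see cref="HttpStatusCode.Unauthorized"/>.
/// </exception>
private static bool AuthenticateUser(string userName, string password)
{
    string tenantName = "";
    try
    {
        // Only "tenant\user" is accepted. Split(...)[1] on "a\b\c" would silently select "b"
        // and drop "c", so anything other than exactly two non-empty parts is rejected.
        var parts = (userName ?? string.Empty).Split('\\');
        if (parts.Length == 2 && !string.IsNullOrWhiteSpace(parts[0]) && !string.IsNullOrWhiteSpace(parts[1]))
        {
            tenantName = parts[0];
            userName = parts[1];
        }
        else
        {
            throw new AuthenticationException("Could not determine tenant name and user name") { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "Could not determine tenant name and user name" };
        }
        if (password == null)
        {
            throw new AuthenticationException("username or password does not match") { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "username or password does not match" };
        }

        // NOTE(review): _oauth2AuthenticationSettings is a shared static field mutated on
        // every call, password included. Concurrent logins can interleave these writes with
        // the token request below and mix one caller's credentials with another's — confirm
        // call sites are serialized, or clone the settings per call.
        _oauth2AuthenticationSettings.Password = password;
        _oauth2AuthenticationSettings.Username = userName;
        _oauth2AuthenticationSettings.TenantName = tenantName;

        //Get Token for this user.
        var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCacheOrNew(_oauth2AuthenticationSettings);
        if (accessTokenResponse == null || string.IsNullOrEmpty(accessTokenResponse.AccessToken))
        {
            throw new AuthenticationException("Unable to retrieve token") { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "Unable to retrieve token" };
        }

        //If token was cached we did not guarantee that tenant, user name and password are correct.
        //We only verified that the tenant and user name are the same.
        // The first caller to obtain a token stores a salted PBKDF2 verifier of its password
        // under the token; every later caller for the same token must match it. This replaces
        // the former unsalted MD5 value, which is reversible offline if the cache ever leaks.
        // NOTE(review): this guard only holds while the verifier entry outlives the cached
        // token. If the verifier expires first, the next caller — right or wrong — re-seeds
        // it; confirm both caches use the same lifetime and clock.
        var memoryCachingService = new MemoryCacheProvider();
        var verifier = memoryCachingService.FetchAndCache(
            accessTokenResponse.AccessToken,
            () => CreatePasswordVerifier(password),
            SecurityTokenConstants.TokenLifeTime);
        if (!PasswordMatchesVerifier(password, verifier))
        {
            throw new AuthenticationException("username or password does not match") { StatusCode = HttpStatusCode.Unauthorized, ReasonPhrase = "username or password does not match" };
        }

        //Validates that the token is good.
        ClaimsWebApiHelper.Authenticate(_oauth2AuthenticationSettings.Url, accessTokenResponse.AccessToken);
    }
    catch (Exception ex)
    {
        _logger.WriteLogEntry(tenantName, null, MethodBase.GetCurrentMethod().Name + " " + ex.GetInnerMostException(), LogLevelType.Error, ex);
        throw;
    }
    return true;
}

/// <summary>
/// Builds a "salt:hash" verifier for <paramref name="password"/>: a fresh random 16-byte salt
/// and a 32-byte PBKDF2 (Rfc2898DeriveBytes) output, both Base64-encoded.
/// </summary>
private static string CreatePasswordVerifier(string password)
{
    var salt = new byte[16];
    using (var rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
    {
        rng.GetBytes(salt);
    }
    return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(DerivePasswordHash(password, salt));
}

/// <summary>
/// Checks <paramref name="password"/> against a verifier made by <see cref="CreatePasswordVerifier"/>.
/// A missing or malformed verifier never matches. The byte comparison is constant-time so the
/// position of the first differing byte is not observable from the response time.
/// </summary>
private static bool PasswordMatchesVerifier(string password, string verifier)
{
    if (string.IsNullOrEmpty(verifier))
    {
        return false;
    }
    var separator = verifier.IndexOf(':');
    if (separator <= 0)
    {
        return false;
    }

    byte[] salt;
    byte[] expected;
    try
    {
        salt = Convert.FromBase64String(verifier.Substring(0, separator));
        expected = Convert.FromBase64String(verifier.Substring(separator + 1));
    }
    catch (FormatException)
    {
        return false;
    }

    var actual = DerivePasswordHash(password, salt);
    if (actual.Length != expected.Length)
    {
        return false;
    }
    var diff = 0;
    for (var i = 0; i < actual.Length; i++)
    {
        diff |= actual[i] ^ expected[i];
    }
    return diff == 0;
}

/// <summary>
/// PBKDF2 of <paramref name="password"/> with <paramref name="salt"/>. 10,000 iterations is
/// cheap for a single login but slows offline guessing against a leaked cache entry.
/// </summary>
private static byte[] DerivePasswordHash(string password, byte[] salt)
{
    using (var kdf = new System.Security.Cryptography.Rfc2898DeriveBytes(password, salt, 10000))
    {
        return kdf.GetBytes(32);
    }
}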
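/// <summary>
/// Retrieves the equipment connection settings.
/// </summary>
/// <param name="equipmentId">The equipment identifier.</param>
/// <param name="authSettings">The authentication settings; must not be null. Its cached token and <c>Url</c> are used.</param>
/// <returns>The <see cref="ProvisioningEquipment"/> returned by <see cref="GetEquipmentConnectionSettings"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authSettings"/> is null.</exception>
public static ProvisioningEquipment RetrieveProvisioningEquipmentSettings(int equipmentId, Oauth2AuthenticationSettings authSettings)
{
    if (authSettings == null)
    {
        throw new ArgumentNullException("authSettings");
    }

    // Cache-only token lookup: no credentials are sent from here.
    var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCache(authSettings);
    return GetEquipmentConnectionSettings(equipmentId, authSettings.Url, accessTokenResponse);
}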